Can Your Coffee Hack You?

The ease at which QR codes connect us with our favorite brands is exactly where the security flaw comes into play.

Our favorite brands are incorporating QR codes into their promotional marketing campaigns as QR codes allow for potential customers to connect with a product while on their way through the rush of the day. Simply scan and voila! the product is in the palm of your hand. This easy to use technology is being utilized more often these days and customers are beginning to feel comfortable using it. With social media websites like Instagram and Snapchat accumulating millions of Scans a day, to airport terminals and parking tickets, a once tough to use technology has made its way into our everyday lives.

Developed in 1994 by a small team working for a Japanese engineering company called Denso Wave, the QR code (Quick Response Code) was designed for automotive parts to be scanned quickly and efficiently while speeding through the production line. Superior to the generic “Bar Code,” the QR code holds more data, increases overall production speed and subsequently, profits.

In the U.S., QR codes remained on the production line up until around 2010 when the general public began downloading their apps and utilizing them at an increasing rate. The QR code was the future of sharing information on the Internet, until it just wasn’t. Initial excitement dissipated and gave way to mockery, and in some cases, outright hatred. The apps didn’t work and our arms grew tired of waiting for the scan. Some time after it’s explosion on to the scene, the QR code had unofficially died, that is until Apple Corporation released its September 19, 2017 IOS 11 update with it’s very own native QR scanner built directly into its iPhone camera-(translation) Point your camera at any QR code and it automatically scans, instantly.

As QR codes make their comeback, all our favorite companies are coming up with innovative new ways to incorporating them within their promotional marketing campaigns. Following someone on social media is as simple as a scan, scan a restaurant QR code on your receipt to review them on Yelp, download the new version of the latest popular phone game by simply scanning their code (you get the picture)


You might come across what appears to be a “free drink” at one of your favorite coffee shops and by scanning the QR code on the promotional coupon you have instead given your personal information to whoever created the promotional material (whether or not it was Hipsterbucks at all) and here in lies the dormant security flaw hiding behind all of our favorite brands, television shows and products. Every banker from Seattle to Manhattan grabs a coffee before they head into work. They might see one of these fraudulent promotional fliers on their way to the office, plastered to the crosswalk, on the internet or in an email. Just like a phishing scam, the malicious QR code is disguised in such that when you open it up and enter your credentials, you don’t even realize that your name, Email account passwords and IP address had been stolen. (Looks like the hacker is the one with the free coffee) The promotional coupon you willingly scanned could have even been real, where the hacker simply placed his own QR code over the original. The QR code could even bring you to the company’s real website, only to harvest your credentials as you attempt to claim your “free” product.

With the rise of the QR code, the QR attack rises too.

· QR coupon scans will reach 5.3 billion by 2022

· QR coupons redeemed via mobile in 2018 approached about 1.8 billion.

· Over 1 billion mobile devices will scan QR coupons through QR codes by 2022.

With the rise of the QR code, Hackers will be coming up with new ways to collect your information while utilizing them. Most authentic QR codes are indistinguishable from malicious QR codes and the only way to find out whether it’s the real deal is by giving it a scan. Good luck.

Fabrice Mouret